function simpleQuery(&$db) { $query = v($_REQUEST["query"]); if (!$query) { $query = Session::get('select', 'query'); } // try to load from session if (!$query) { return ''; } // see if user is restricted to a list of databases by configuration // if yes, then disallow db use queries // it's still possible that the command can contain db prefixes, which will override the db selection //$info = getCommandInfo($query); //if ($info['dbChanged']) // return ''; $query_type = getQueryType($query); if ($query_type['result'] == FALSE) { return $query; } // only apply limit/sort to select queries with results if ($query_type['can_limit'] == FALSE) { return $query; } Session::set('select', 'can_limit', $query_type['can_limit'] == TRUE); if (v($_REQUEST["id"]) == 'sort') { $field = v($_REQUEST['name']); if ($field) { $query = sortQuery($query, ctype_digit($field) ? $field : $db->quote($field)); } // clear pagination if sorting is changed Session::set('select', 'page', 1); } // save order clause with query in session, required for pagination Session::set('select', 'query', $query); // try to find limit clause in the query. If one is not applied, apply now // only either sort or pagination request can come at a time if (!$query_type['has_limit'] && v($_REQUEST["id"]) != 'sort') { $record_limit = Options::get('res-max-count', MAX_RECORD_TO_DISPLAY); $page = v($_REQUEST['name']); if ($page) { $limit_applied = Session::get('select', 'limit'); if (!ctype_digit($page) | $page < 1 || !$limit_applied) { return $query; } $count = Session::get('select', 'count'); $total_pages = ceil($count / $record_limit); if ($total_pages < $page) { return $query; } Session::set('select', 'page', $page); $limit = $db->getLimit($record_limit, ($page - 1) * $record_limit); $query .= $limit; } else { Session::del('select', 'table'); Session::del('select', 'limit'); Session::del('select', 'page'); Session::del('select', 'count'); Session::del('select', 'sort'); Session::del('select', 'sortcol'); if (!$db->query($query)) { return $query; } $count = $db->numRows(); if ($count > $record_limit) { Session::set('select', 'count', $count); Session::set('select', 'page', 1); Session::set('select', 'limit', true); $limit = $db->getLimit($record_limit); $query .= $limit; } } } return $query; }
// require_once("inc/data.php"); require_once "inc/db.php"; require_once "inc/functions.php"; $pageTitle = ""; include "inc/header.php"; if (isset($_GET['title'])) { $where = where($_GET['title'], null); } else { if (isset($_GET['actor'])) { $where = where(null, $_GET['actor']); } else { $where = ""; } } $sort = isset($_GET['sort']) ? sortQuery($_GET['sort']) : ""; ?> <body> <div class="container"> <div class="row"> <h1 class="text-center">Movies Viewer</h1> <p class="lead text-center">List of your favorite movies below.</p> <div class="form-group search-box"> <div class="col-sm-3"> <select class="form-control" id="select"> <option disabled>-- Select search criteria --</option> <option value="title">By title</option> <option value="actor" <?php echo isset($_GET['actor']) ? "selected" : "";